Total: 236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-35203 | 1 Netscout | 1 Ngeniusone | 2023-12-10 | 3.5 LOW | 5.7 MEDIUM | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. |
CVE-2022-22269 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW | Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. |
CVE-2021-20148 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM | ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain. |
CVE-2021-25741 | 1 Kubernetes | 1 Kubernetes | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH | A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. |
CVE-2020-35340 | 1 Expertpdf | 1 Expertpdf | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. |
CVE-2021-31850 | 2 Mcafee, Microsoft | 2 Database Security, Windows | 2023-12-10 | 4.9 MEDIUM | 6.1 MEDIUM | A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server. |
CVE-2021-43772 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus+ Security, Internet Security and 2 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM | Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. |
CVE-2021-22015 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2023-12-10 | 7.2 HIGH | 7.8 HIGH | The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. |
CVE-2021-44315 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server, which allows an attacker to view the sensitive files of the application, for example any file which contains sensitive information of the user or server. |
CVE-2022-22268 | 1 Google | 1 Android | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM | Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporarily unlock the Knox Guard via Samsung DeX mode. |
CVE-2021-25521 | 1 Samsung | 1 Internet | 2023-12-10 | 2.1 LOW | 3.3 LOW | Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows untrusted applications to get the current tab URL in Samsung Internet. |
CVE-2021-31600 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames. |
CVE-2021-38711 | 1 Gitit Project | 1 Gitit | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. |
CVE-2018-10863 | 1 Redhat | 1 Certification | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensitive information. |
CVE-2021-37348 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. |
CVE-2021-33359 | 1 Sensepost | 1 Gowitness | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file. |
CVE-2021-24154 | 1 Themeeditor | 1 Theme Editor | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM | The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd. |
CVE-2021-1256 | 1 Cisco | 1 Firepower Threat Defense | 2023-12-10 | 3.6 LOW | 6.0 MEDIUM | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device. |
CVE-2021-22769 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM | A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted. |
CVE-2021-36763 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. |